update-flake.yml

# Regenerates flake.lock with `nix flake update` and opens a pull request
# carrying the result. Runs on pushes to master that touch go.sum, and on
# manual dispatch.
name: Update flake.lock

on:
  push:
    branches: [master]
    paths: [go.sum]
  workflow_dispatch:

# Workflow-wide scopes for the job token. Every step below runs in a job
# that holds these write scopes, including the third-party action.
permissions:
  contents: write
  pull-requests: write

jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): checkout keeps the job token available to later git
      # commands by default (persist-credentials). The `git push` below
      # presumably relies on that; confirm before turning it off.
      - uses: actions/checkout@v6

      # NOTE(review): `@main` is a mutable branch ref, so whatever is at the
      # tip of that branch executes in a job with contents/pull-requests
      # write. Pin to a full commit SHA, e.g.
      # `@<FULL_COMMIT_SHA>  # <release tag>`, and let a dependency bot bump
      # it. `actions/checkout@v6` is a movable tag as well; the same pinning
      # applies if the project wants reproducible action code.
      - uses: DeterminateSystems/nix-installer-action@main

      # Rewrites flake.lock in the working tree. No secret is exposed to
      # this step through `env`.
      - name: Update flake.lock
        run: nix flake update

      - name: Create Pull Request
        env:
          # Token for the gh CLI, scoped to this step only.
          # NOTE(review): the secret name suggests a token issued for
          # Homebrew automation is being reused; confirm it is limited to
          # the scopes this repository needs, or use a dedicated token.
          GH_TOKEN: ${{ secrets.HOMEBREW_GITHUB_TOKEN }}
        # Script outline:
        #   1. Exit successfully when flake.lock is unchanged.
        #   2. Commit flake.lock on the fixed branch chore/update-flake-lock
        #      and force-push it, overwriting whatever that branch held.
        #      The push is presumably authenticated by the credential that
        #      checkout configured, not by GH_TOKEN; confirm.
        #   3. Create a PR against master only when no open PR already
        #      exists for the branch.
        # The heredoc body, its EOF terminator and the closing parenthesis
        # sit at the block scalar's base indentation so that EOF lands in
        # column 0 once YAML strips the indent. Keep that alignment when
        # editing, and keep comments out of the heredoc: its text becomes
        # the PR description verbatim.
        run: |
          git diff --quiet flake.lock && exit 0
          BRANCH="chore/update-flake-lock"
          git config user.name "Floatpane Bot"
          git config user.email "us@floatpane.com"
          git checkout -b "$BRANCH"
          git add flake.lock
          git commit -m "chore: update flake.lock"
          git push -f origin "$BRANCH"
          if ! gh pr list --head "$BRANCH" --state open | grep -q .; then
            BODY=$(cat <<'EOF'
          ## What?

          Updates `flake.lock` to the latest revisions of all flake inputs (`nixpkgs`, `flake-utils`, etc.).

          ## Why?

          Keeps Nix inputs current so contributors and CI build against fresh `nixpkgs`. Picks up upstream security and toolchain fixes. Generated automatically by the flake-lock update workflow on changes to `go.sum`.
          EOF
          )
            gh pr create --title "chore: update flake.lock" --body "$BODY" --base master --label chore --label area/nix
          fi